Java Code Examples for soot.jimple.Stmt#getInvokeExpr()
The following examples show how to use
soot.jimple.Stmt#getInvokeExpr() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: Model.java From DroidRA with GNU Lesser General Public License v2.1 | 6 votes |
/** * Returns the arguments for a potential COAL query. * * @param stmt A program statement. * @return An array of arguments if the statement is for a COAL query, null otherwise. */ public Argument[] getArgumentsForQuery(Stmt stmt) { if (stmt.containsInvokeExpr()) { InvokeExpr invokeExpr = stmt.getInvokeExpr(); SootMethod method = invokeExpr.getMethod(); if (AnalysisParameters.v().isAnalysisClass(method.getDeclaringClass().getName()) && method.isConcrete() && method.hasActiveBody()) { MethodDescription description = queryToMethodDescriptionMap.get(method.getSignature()); if (description == null) { return null; } else { return description.getArguments(); } } return getArgumentsFromMethodDescription(queryToMethodDescriptionMap, invokeExpr); } return null; }
Example 2
Source File: SootToDexUtils.java From JAADAS with GNU General Public License v3.0 | 6 votes |
public static int getOutWordCount(Collection<Unit> units) { int outWords = 0; for (Unit u : units) { Stmt stmt = (Stmt) u; if (stmt.containsInvokeExpr()) { int wordsForParameters = 0; InvokeExpr invocation = stmt.getInvokeExpr(); List<Value> args = invocation.getArgs(); for (Value arg : args) { wordsForParameters += getDexWords(arg.getType()); } if (!invocation.getMethod().isStatic()) { wordsForParameters++; // extra word for "this" } if (wordsForParameters > outWords) { outWords = wordsForParameters; } } } return outWords; }
Example 3
Source File: AuthorityValueAnalysis.java From ic3 with Apache License 2.0 | 6 votes |
@Override public Set<Object> computeArgumentValues(Argument argument, Unit callSite) { ArgumentValueAnalysis stringAnalysis = ArgumentValueManager.v().getArgumentValueAnalysis( Constants.DefaultArgumentTypes.Scalar.STRING); Stmt stmt = (Stmt) callSite; if (!stmt.containsInvokeExpr()) { throw new RuntimeException("Statement " + stmt + " does not contain an invoke expression"); } InvokeExpr invokeExpr = stmt.getInvokeExpr(); Set<Object> hosts = stringAnalysis.computeVariableValues(invokeExpr.getArg(argument.getArgnum()[0]), stmt); Set<Object> ports = stringAnalysis.computeVariableValues(invokeExpr.getArg(argument.getArgnum()[1]), stmt); Set<Object> result = new HashSet<>(); for (Object host : hosts) { for (Object port : ports) { result.add(new DataAuthority((String) host, (String) port)); } } return result; }
Example 4
Source File: EasyTaintWrapper.java From JAADAS with GNU General Public License v3.0 | 6 votes |
@Override public boolean supportsCallee(Stmt callSite) { // We need an invocation expression if (!callSite.containsInvokeExpr()) return false; SootMethod method = callSite.getInvokeExpr().getMethod(); if (!supportsCallee(method)) return false; // We need a method that can create a taint if (!aggressiveMode) { // Check for a cached wrap type final MethodWrapType wrapType = methodWrapCache.getUnchecked(method); if (wrapType != MethodWrapType.CreateTaint) return false; } // We need at least one non-constant argument or a tainted base if (callSite.getInvokeExpr() instanceof InstanceInvokeExpr) return true; for (Value val : callSite.getInvokeExpr().getArgs()) if (!(val instanceof Constant)) return true; return false; }
Example 5
Source File: TypeStateMachineWeightFunctions.java From SPDS with Eclipse Public License 2.0 | 6 votes |
protected Collection<Val> generateAtConstructor(SootMethod m, Unit unit, Collection<SootMethod> calledMethod, MatcherTransition initialTrans) { boolean matches = false; for (SootMethod method : calledMethod) { if (initialTrans.matches(method)) { matches = true; } } if (!matches) return Collections.emptySet(); if (unit instanceof Stmt) { Stmt stmt = (Stmt) unit; if (stmt.containsInvokeExpr()) if (stmt.getInvokeExpr() instanceof InstanceInvokeExpr) { InstanceInvokeExpr iie = (InstanceInvokeExpr) stmt.getInvokeExpr(); if (iie.getBase() instanceof Local) { Local l = (Local) iie.getBase(); Set<Val> out = new HashSet<>(); out.add(new Val(l, m)); return out; } } } return Collections.emptySet(); }
Example 6
Source File: FileFuzzer.java From FuzzDroid with Apache License 2.0 | 6 votes |
private AnalysisDecision getFileFormatFromDataflow(int codePosID ) { Unit unit = codePositionManager.getUnitForCodePosition(codePosID); if(unit instanceof Stmt) { Stmt stmt = (Stmt)unit; if(stmt.containsInvokeExpr()) { InvokeExpr inv = stmt.getInvokeExpr(); SootMethod sm = inv.getMethod(); Pair<Integer, Object> paramValue = retrieveCorrectFileInformation(sm); ServerResponse response = new ServerResponse(); response.setAnalysisName(getAnalysisName()); response.setResponseExist(true); response.setParamValues(Collections.singleton(paramValue)); AnalysisDecision finalDecision = new AnalysisDecision(); finalDecision.setAnalysisName(getAnalysisName()); finalDecision.setDecisionWeight(8); finalDecision.setServerResponse(response); return finalDecision; } else return noResults(); } else { return noResults(); } }
Example 7
Source File: SmartConstantDataExtractorFuzzyAnalysis.java From FuzzDroid with Apache License 2.0 | 6 votes |
private boolean isSemanticallyCorrect(String loggingPoint, Stmt stmt) { if(loggingPoint == null) return false; if(stmt.containsInvokeExpr()) { InvokeExpr inv = stmt.getInvokeExpr(); String metSig = inv.getMethod().getSignature(); if(metSig.equals("<android.telephony.TelephonyManager: java.lang.String getSimOperator()>") || metSig.equals("<android.telephony.TelephonyManager: java.lang.String getNetworkOperator()>") ) { for(char c : loggingPoint.toCharArray()) { if(c < '0' || c > '9') return false; } } } return true; }
Example 8
Source File: SmartConstantDataExtractorFuzzyAnalysis.java From FuzzDroid with Apache License 2.0 | 6 votes |
private String fixSMTSolverIntegerOutput(String loggingPoint, Stmt stmt) { if(stmt.containsInvokeExpr()) { InvokeExpr inv = stmt.getInvokeExpr(); String metSig = inv.getMethod().getSignature(); if(metSig.equals("<android.telephony.TelephonyManager: java.lang.String getSimOperator()>") || metSig.equals("<android.telephony.TelephonyManager: java.lang.String getNetworkOperator()>") ) { String newLoggingPoint = ""; for(char c : loggingPoint.toCharArray()) { if(c < '0' || c > '9') { Random rand = new Random(); int num = rand.nextInt(10); newLoggingPoint += num; } else newLoggingPoint += c; } return newLoggingPoint; } } return loggingPoint; }
Example 9
Source File: FileFuzzer.java From FuzzDroid with Apache License 2.0 | 5 votes |
private boolean fileFormatAvailable(int codePosID){ Unit unit = codePositionManager.getUnitForCodePosition(codePosID); if(unit instanceof Stmt) { Stmt stmt = (Stmt)unit; if(stmt.containsInvokeExpr()) { InvokeExpr inv = stmt.getInvokeExpr(); SootMethod sm = inv.getMethod(); String methodSig = sm.getSignature(); switch(methodSig) { case "<android.content.Context: java.io.FileInputStream openFileInput(java.lang.String)>": case "<java.io.File: void <init>(java.io.File,java.lang.String)>": case "<java.io.File: void <init>(java.lang.String,java.lang.String)>": case "<java.io.File: void <init>(java.lang.String)>": case "<java.io.File: void <init>(java.net.URI)>": case "<android.content.ContextWrapper: java.io.FileInputStream openFileInput(java.lang.String)>": case "<android.content.Context: java.io.File getFileStreamPath(java.lang.String)>": case "<android.content.Context: java.io.File getDir(java.lang.String,int)>": case "<android.content.Context: java.io.File getDatabasePath(java.lang.String)>": case "<android.content.ContextWrapper: java.io.File getFileStreamPath(java.lang.String)>": case "<android.content.ContextWrapper: java.io.File getDir(java.lang.String,int)>": case "<android.content.ContextWrapper: java.io.File getDatabasePath(java.lang.String)>": case "<android.database.sqlite.SQLiteDatabase: android.database.sqlite.SQLiteDatabase openOrCreateDatabase(java.io.File,android.database.sqlite.SQLiteDatabase$CursorFactory)>": case "<android.database.sqlite.SQLiteDatabase: android.database.sqlite.SQLiteDatabase openOrCreateDatabase(java.lang.String,android.database.sqlite.SQLiteDatabase$CursorFactory)>": case "<android.database.sqlite.SQLiteDatabase: android.database.sqlite.SQLiteDatabase openOrCreateDatabase(java.lang.String,android.database.sqlite.SQLiteDatabase$CursorFactory,android.database.DatabaseErrorHandler)>": case "<android.content.ContextWrapper: android.database.sqlite.SQLiteDatabase openOrCreateDatabase(java.lang.String,android.database.sqlite.SQLiteDatabase$CursorFactory)>": case "<android.content.ContextWrapper: android.database.sqlite.SQLiteDatabase openOrCreateDatabase(java.lang.String,android.database.sqlite.SQLiteDatabase$CursorFactory,android.database.DatabaseErrorHandler)>": return true; default: return false; } } else return false; } else return false; }
Example 10
Source File: ArgumentValueAnalysis.java From DroidRA with GNU Lesser General Public License v2.1 | 5 votes |
/** * Computes the possible argument values for a given statement and a given argument. * * By default this simply calls {@link #computeArgumentValues(Argument, Unit)}. * * @param argument An {@link Argument}. * @param callSite A call statement. * @return The set of possible values for the argument. */ public Set<Object> computeArgumentValues(Argument argument, Unit callSite) { if (argument.getArgnum() == null) { return null; } if (AnalysisParameters.v().useShimple()) { // Shimple is not supported. return Collections.singleton((Object) getTopValue()); } else { Stmt stmt = (Stmt) callSite; if (!stmt.containsInvokeExpr()) { throw new RuntimeException("Statement " + stmt + " does not contain an invoke expression"); } InvokeExpr invokeExpr = stmt.getInvokeExpr(); int argnum = argument.getArgnum()[0]; Value value = null; if (argnum == Constants.INSTANCE_INVOKE_BASE_INDEX) { if (invokeExpr instanceof InstanceInvokeExpr) { value = ((InstanceInvokeExpr) invokeExpr).getBase(); } else { throw new RuntimeException("Invoke expression has no base: " + invokeExpr); } } else { value = stmt.getInvokeExpr().getArg(argnum); } return computeVariableValues(value, stmt); } }
Example 11
Source File: SourceMethodReturnValueAnalysis.java From DroidRA with GNU Lesser General Public License v2.1 | 5 votes |
@Override public Set<Object> computeMethodReturnValues(Call call) { Stmt stmt = call.stmt; if (!stmt.containsInvokeExpr() || !(stmt.getInvokeExpr() instanceof InstanceInvokeExpr)) { return Collections.singleton((Object) "(.*)"); } else { return Collections.singleton((Object) new SourceDescriptor(((InstanceInvokeExpr) stmt .getInvokeExpr()).getBase(), stmt)); } }
Example 12
Source File: DefaultSourceSinkManager.java From JAADAS with GNU General Public License v3.0 | 5 votes |
@Override public SourceInfo getSourceInfo(Stmt sCallSite, InterproceduralCFG<Unit, SootMethod> cfg) { SootMethod callee = sCallSite.containsInvokeExpr() ? sCallSite.getInvokeExpr().getMethod() : null; AccessPath targetAP = null; if (callee != null && sources.contains(callee.toString())) { if (callee.getReturnType() != null && sCallSite instanceof DefinitionStmt) { // Taint the return value Value leftOp = ((DefinitionStmt) sCallSite).getLeftOp(); targetAP = new AccessPath(leftOp, true); } else if (sCallSite.getInvokeExpr() instanceof InstanceInvokeExpr) { // Taint the base object Value base = ((InstanceInvokeExpr) sCallSite.getInvokeExpr()).getBase(); targetAP = new AccessPath(base, true); } } // Check whether we need to taint parameters else if (sCallSite instanceof IdentityStmt) { IdentityStmt istmt = (IdentityStmt) sCallSite; if (istmt.getRightOp() instanceof ParameterRef) { ParameterRef pref = (ParameterRef) istmt.getRightOp(); SootMethod currentMethod = cfg.getMethodOf(istmt); if (parameterTaintMethods.contains(currentMethod.toString())) targetAP = new AccessPath(currentMethod.getActiveBody() .getParameterLocal(pref.getIndex()), true); } } if (targetAP == null) return null; // Create the source information data structure return new SourceInfo(targetAP); }
Example 13
Source File: ObservableDynamicICFG.java From SPDS with Eclipse Public License 2.0 | 5 votes |
private void queryForCallees(Unit unit) { // Construct BackwardQuery, so we know which types the object might have logger.debug("Queried for callees of '{}'.", unit); Stmt stmt = (Stmt) unit; InvokeExpr invokeExpr = stmt.getInvokeExpr(); Value value = ((InstanceInvokeExpr) invokeExpr).getBase(); Val val = new Val(value, getMethodOf(stmt)); for (Unit pred : getPredsOf(stmt)) { Statement statement = new Statement((Stmt) pred, getMethodOf(unit)); BackwardQuery query = new BackwardQuery(statement, val); // Execute that query solver.solve(query, false); forAnyAllocationSiteOfQuery(query, invokeExpr, stmt); // Go through possible types an add edges to implementations in possible types // Set<ForwardQuery> keySet = results.getAllocationSites().keySet(); // for (ForwardQuery forwardQuery : keySet) { // // } // Fallback on Precompute if set was empty // if (options.fallbackOnPrecomputedOnEmpty() && keySet.isEmpty()) { // Iterator<Edge> precomputedCallers = precomputedCallGraph.edgesOutOf(unit); // while (precomputedCallers.hasNext()) { // Edge methodCall = precomputedCallers.next(); // if (methodCall.srcUnit() == null) // continue; // addCallIfNotInGraph(methodCall.srcUnit(), methodCall.tgt(), methodCall.kind()); // } // } } }
Example 14
Source File: OfflineProcessor.java From JAADAS with GNU General Public License v3.0 | 5 votes |
public void defaultFeedPtsRoutines() { switch (Parameters.seedPts) { case Constants.seedPts_allUser: setAllUserCodeVariablesUseful(); break; case Constants.seedPts_all: // All pointers will be processed for (int i = 0; i < n_var; ++i) { IVarAbstraction pn = int2var.get(i); if ( pn != null && pn.getRepresentative() == pn ) pn.willUpdate = true; } return; } // We always refine the callsites that have multiple call targets Set<Node> multiBaseptrs = new HashSet<Node>(); for (Stmt callsite : geomPTA.multiCallsites) { InstanceInvokeExpr iie = (InstanceInvokeExpr) callsite.getInvokeExpr(); VarNode vn = geomPTA.findLocalVarNode(iie.getBase()); multiBaseptrs.add(vn); } addUserDefPts(multiBaseptrs); }
Example 15
Source File: ClassLoaderTransformer.java From FuzzDroid with Apache License 2.0 | 5 votes |
@Override protected void internalTransform(Body b, String phaseName, Map<String, String> options) { // Do not instrument methods in framework classes if (!canInstrumentMethod(b.getMethod())) return; // Check for calls to DexFile.loadClass for (Iterator<Unit> unitIt = b.getUnits().snapshotIterator(); unitIt.hasNext(); ) { Stmt stmt = (Stmt) unitIt.next(); if (stmt.hasTag(InstrumentedCodeTag.name)) continue; if (!(stmt instanceof AssignStmt)) continue; AssignStmt assignStmt = (AssignStmt) stmt; if (stmt.containsInvokeExpr()) { InvokeExpr iexpr = stmt.getInvokeExpr(); if (iexpr.getMethod() == methodDexFileLoadClass) { List<Value> args = new ArrayList<>(); args.add(((InstanceInvokeExpr) iexpr).getBase()); args.addAll(iexpr.getArgs()); InvokeExpr newLoadExpr = Jimple.v().newStaticInvokeExpr(methodOwnLoader.makeRef(), args); b.getUnits().swapWith(stmt, Jimple.v().newAssignStmt(assignStmt.getLeftOp(), newLoadExpr)); } } } }
Example 16
Source File: OnTheFlyJimpleBasedICFG.java From JAADAS with GNU General Public License v3.0 | 5 votes |
@Override public Set<SootMethod> load(Unit u) throws Exception { Stmt stmt = (Stmt)u; InvokeExpr ie = stmt.getInvokeExpr(); FastHierarchy fastHierarchy = Scene.v().getFastHierarchy(); //FIXME Handle Thread.start etc. if(ie instanceof InstanceInvokeExpr) { if(ie instanceof SpecialInvokeExpr) { //special return Collections.singleton(ie.getMethod()); } else { //virtual and interface InstanceInvokeExpr iie = (InstanceInvokeExpr) ie; Local base = (Local) iie.getBase(); RefType concreteType = bodyToLMNAA.getUnchecked(unitToOwner.get(u)).concreteType(base, stmt); if(concreteType!=null) { //the base variable definitely points to a single concrete type SootMethod singleTargetMethod = fastHierarchy.resolveConcreteDispatch(concreteType.getSootClass(), iie.getMethod()); return Collections.singleton(singleTargetMethod); } else { SootClass baseTypeClass; if(base.getType() instanceof RefType) { RefType refType = (RefType) base.getType(); baseTypeClass = refType.getSootClass(); } else if(base.getType() instanceof ArrayType) { baseTypeClass = Scene.v().getSootClass("java.lang.Object"); } else if(base.getType() instanceof NullType) { //if the base is definitely null then there is no call target return Collections.emptySet(); } else { throw new InternalError("Unexpected base type:"+base.getType()); } return fastHierarchy.resolveAbstractDispatch(baseTypeClass, iie.getMethod()); } } } else { //static return Collections.singleton(ie.getMethod()); } }
Example 17
Source File: StringToPrimitiveTypeExtractorDataflowHandler.java From FuzzDroid with Apache License 2.0 | 4 votes |
@Override public void onResultsAvailable(IInfoflowCFG cfg, InfoflowResults results) { for(ResultSinkInfo sinkInfo : results.getResults().keySet()) { Stmt sink = sinkInfo.getSink(); InvokeExpr sinkExpr = sink.getInvokeExpr(); SootMethod sinkMethod = sinkExpr.getMethod(); Set<Object> values = new HashSet<Object>(); switch(sinkMethod.getSignature()) { case "<java.lang.Boolean: boolean parseBoolean(java.lang.String)>": values.add("true"); values.add("false"); break; //we add two random values case "<java.lang.Byte: byte parseByte(java.lang.String)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Byte: byte parseByte(java.lang.String, int)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Short: short parseShort(java.lang.String)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Short: short parseShort(java.lang.String, int)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Integer: int parseInteger(java.lang.String)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Integer: int parseInteger(java.lang.String, int)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Long: long parseLong(java.lang.String)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Long: long parseLong(java.lang.String, int)>": values.add("0"); values.add("42"); break; //we add two random values case "<java.lang.Double: double parseDouble(java.lang.String)>": values.add("0"); values.add("42.0"); break; //we add two random values case "<java.lang.Float: float parseFloat(java.lang.String)>": values.add("0"); values.add("20.75f"); break; } //all sources Set<ResultSourceInfo> sourceInfos = results.getResults().get(sinkInfo); for(ResultSourceInfo sourceInfo : sourceInfos) { Stmt source = sourceInfo.getSource(); int sourceID = codePositionManager.getCodePositionForUnit(source).getID(); valuesToFuzz.put(sourceID, values); } } }
Example 18
Source File: CallFlowFunctionFactory.java From DroidRA with GNU Lesser General Public License v2.1 | 4 votes |
/** * Returns a call flow function. * * @param src A statement that is the source of a call edge in the call graph. This is generally a * call statement, but field accesses can also lead to edges leading to class * initializers. * @param dest The destination method. * @param zeroValue The zero value for the analysis, which represents the absence of a data flow * fact. * @return The call flow function for the input statement. */ public FlowFunction<Value> getCallFlowFunction(Unit src, final SootMethod dest, final Value zeroValue) { if (logger.isDebugEnabled()) { logger.debug("Call: " + src); } String declaringClass = dest.getDeclaringClass().getName(); if (!AnalysisParameters.v().isAnalysisClass(declaringClass)) { // Only propagate through analysis classes. return KillAll.v(); } Stmt stmt = (Stmt) src; // Some statements other than call statements (e.g., field accesses) can lead to call edges to // class initializers. boolean containsInvokeExpr = stmt.containsInvokeExpr(); final InvokeExpr ie = containsInvokeExpr ? stmt.getInvokeExpr() : null; if (containsInvokeExpr && (Model.v().getArgumentsForGenMethod(ie) != null || Model.v() .getArgumentsForCopyConstructor(ie.getMethodRef()) != null)) { return KillAll.v(); } return new FlowFunction<Value>() { @Override public Set<Value> computeTargets(Value source) { if (logger.isDebugEnabled()) { logger.debug("Source: " + source); } if (dest.getName().equals(SootMethod.staticInitializerName)) { if (source instanceof FieldRef) { return Collections.singleton(source); } else { return Collections.emptySet(); } } final List<Value> paramLocals = new ArrayList<Value>(); for (int i = 0; i < dest.getParameterCount(); ++i) { // TODO (Damien): maybe activate again? // if (ie.getArg(i) instanceof NullConstant && source.equals(zeroValue)) { // return Collections.singleton((Value) dest.getActiveBody().getParameterLocal(i)); // } paramLocals.add(dest.getActiveBody().getParameterLocal(i)); } int argIndex = FunctionFactoryUtils.shouldPropagateSource(source, ie.getArgs()); if (argIndex != -1) { if (logger.isDebugEnabled()) { logger.debug("Returning " + paramLocals.get(argIndex)); } return Collections.singleton(paramLocals.get(argIndex)); } if (source instanceof StaticFieldRef) { // Always propagate static fields. return Collections.singleton(source); } else if (source instanceof InstanceFieldRef) { if (FunctionFactoryUtils.shouldPropagateInstanceField((InstanceFieldRef) source, ie)) { return Collections.singleton(source); } } if (logger.isDebugEnabled()) { logger.debug("Returning empty set"); } return Collections.emptySet(); } }; }
Example 19
Source File: NullnessAnalysis.java From JAADAS with GNU General Public License v3.0 | 4 votes |
/** * {@inheritDoc} */ @Override protected void flowThrough(AnalysisInfo in, Unit u, List<AnalysisInfo> fallOut, List<AnalysisInfo> branchOuts) { AnalysisInfo out = new AnalysisInfo(in); AnalysisInfo outBranch = new AnalysisInfo(in); Stmt s = (Stmt)u; //in case of an if statement, we neet to compute the branch-flow; //e.g. for a statement "if(x!=null) goto s" we have x==null for the fallOut and //x!=null for the branchOut //or for an instanceof expression if(s instanceof JIfStmt) { JIfStmt ifStmt = (JIfStmt) s; handleIfStmt(ifStmt, in, out, outBranch); } //in case of a monitor statement, we know that if it succeeds, we have a non-null value else if(s instanceof MonitorStmt) { MonitorStmt monitorStmt = (MonitorStmt) s; out.put(monitorStmt.getOp(), NON_NULL); } // if we have an array ref, set the base to non-null if(s.containsArrayRef()) { ArrayRef arrayRef = s.getArrayRef(); handleArrayRef(arrayRef,out); } // for field refs, set the receiver object to non-null, if there is one if(s.containsFieldRef()) { FieldRef fieldRef = s.getFieldRef(); handleFieldRef(fieldRef, out); } // for invoke expr, set the receiver object to non-null, if there is one if(s.containsInvokeExpr()) { InvokeExpr invokeExpr = s.getInvokeExpr(); handleInvokeExpr(invokeExpr, out); } //if we have a definition (assignment) statement to a ref-like type, handle it, //i.e. assign it TOP, except in the following special cases: // x=null, assign NULL // x=@this or x= new... assign NON_NULL // x=y, copy the info for y (for locals x,y) if(s instanceof DefinitionStmt) { DefinitionStmt defStmt = (DefinitionStmt) s; if(defStmt.getLeftOp().getType() instanceof RefLikeType) { handleRefTypeAssignment(defStmt, out); } } // now copy the computed info to all successors for( Iterator<AnalysisInfo> it = fallOut.iterator(); it.hasNext(); ) { copy( out, it.next() ); } for( Iterator<AnalysisInfo> it = branchOuts.iterator(); it.hasNext(); ) { copy( outBranch, it.next() ); } }
Example 20
Source File: DynamicValueTransformer.java From FuzzDroid with Apache License 2.0 | 4 votes |
@Override protected void internalTransform(Body b, String phaseName, Map<String, String> options) { // Do not instrument methods in framework classes if (!canInstrumentMethod(b.getMethod())) return; // Iterate over all statements. For each definition statement that // defines a string, report the string to the server. for (Iterator<Unit> unitIt = b.getUnits().snapshotIterator(); unitIt.hasNext(); ) { Unit curUnit = unitIt.next(); // If we're still inside the IdentityStmt block, there's nothing to // instrument if (curUnit instanceof IdentityStmt || // If this unit was instrumented by another transformer, there's nothing to instrument curUnit.hasTag(InstrumentedCodeTag.name)) continue; if (instrumentOnlyComparisons) { // Is this a comparison? Stmt curStmt = (Stmt) curUnit; if (!curStmt.containsInvokeExpr()) continue; InvokeExpr invExpr = curStmt.getInvokeExpr(); if (comparisonSignatures.contains(invExpr.getMethod().getSignature())) { if (invExpr instanceof InstanceInvokeExpr) checkAndReport(b, curStmt, ((InstanceInvokeExpr) invExpr).getBase(), -1); for (int i = 0; i < invExpr.getArgCount(); i++) checkAndReport(b, curStmt, invExpr.getArg(i), i); } // Do not look for anything else continue; } // We only care about statements that define strings if (!(curUnit instanceof AssignStmt)) continue; AssignStmt assignStmt = (AssignStmt) curUnit; checkAndReport(b, assignStmt, assignStmt.getLeftOp(), -1); } }